Privacy Policy

1. Introduction

This privacy policy sets out the obligations of Tourboks.com ApS a company registered in Denmark under CVR number 31864992, whose registered office is at Gersonsvej 1, 2900 Hellerup (“we”, “us”, “our”, “Tourboks”).
This policy details how we manage the personal information provided to us by you or a third party in connection with our provision of services to you or which we collect from your use of our services and/or our app(s) and website(s), with respect to your personal data under EU Regulation 2016/679 – General Data Protection Regulation (“GDPR”). This privacy policy should explain:

What types of personal data we collect and why we collect it.

When and how we may share personal data with other organisations.

The choices you have, including how to access, delete and update your personal data.

We are committed to protecting your personal information and recognise the vital importance of such protection. We want you to feel comfortable using our platform including our website located at www.tourboks.com, other tourboks.com branded websites owned and controlled by us, applications and other digital services (the “Site”).
As a company we make arrangements with third party service providers who provide travel and non-travel related services, products and information such as cruises, transportation, guides, sightseeing, activities amongst other things (the “Service Providers”).

2. What is personal data?

Personal data is defined by the GDPR as “any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier”. Personal data is any information about you, which will enable you to be identified.

3. Personal data we collect

We act solely as agents for the Service Providers whose services are being arranged for you. The services provided by the Service Providers are subject to the terms and conditions contained in the tickets, brochures, exchange orders or vouchers issued by the Service Providers and as a result we will share your personal data with the Service Providers to enable them to provide these services, please check the privacy policy on the Service Providers website before submitting any personal data.
On various occasions, including through forms on our website, we invite or request you to submit your contact details and other information about yourself or your organisation, or to send us emails which will, of course, also identify you.

Financial data, including your bank account details and other data required for fraud prevention, and other related billing information. We do not collect or store any credit card information. All payments are made through a third party payment provider Adyen to ensure your personal and sensitive credit card information is securely stored. We have no access to any of your credit card information.

Business information, which may include information such as corporate documents, share and shareholder information, articles of association, information about beneficial owners, provided in the course of the contractual or client relationship between you or your organisation and us or otherwise voluntarily provided by you or your organisation.

Usage and technical data, in relation to your communication and marketing preferences from us, including information about how you use our website including the services you viewed or searched for, length of visits and page interaction, information collected during your visits to our website, the Internet Protocol (IP) address, browser type and version. To learn more about our use of cookies or similar technology please see point 10, below.

4. How we use this Information

Under the GDPR, we must always have a lawful basis for using your personal data. In each case, the purpose for which you are invited to give us information will be clear. We will not use your information for purposes that are not clear when you provide your details, and we will not disclose it to anyone other than to our Service Providers. We may disclose information in other very limited circumstances, for example, with your agreement or where we are legally obliged to do so.
We may use your personal data for the following purposes (unless otherwise specified):

Account opening and customer services, where you request any support regarding your account, as instructed by you or your organisation.

For the purpose of facilitating your participation in any tours.

Administering and managing your account including processing payments using our payment service provider Adyen, accounting, auditing, and taking other steps linked to the performance of our business relationship.

Promoting, tailoring and personalising our services for you or your organisation including analysing and improving our services and communications, also monitoring compliance with our policies and business practices. This may also include sending marketing publications and details of events.

To prevent and detect security threats, frauds or other criminal or malicious activities to our communications and other systems.

For insurance purposes.

To allow you to participate in interactive features of our Site for example the forums, when you choose to do so.

In order for you to travel or go on tours overseas, we may be required to disclose your personal data to government bodies or other authorities in the EU and in other countries, such as those responsible for immigration, border control, security and anti-terrorism. Even if it is not mandatory for us to provide information to such authorities, we may exercise our discretion to assist them where appropriate.

For any other purposes related to and/or ancillary to any of the above or any other purposes for which your personal data was provided to us.

With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you to send you information from us about events or special offers and promotions which we believe may be of interest to you (other than information that you have specifically requested).
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, taking into account legal, accounting and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice and our business purposes.
The criteria we use to determine the appropriate period of retention for other data, will be considered balancing the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Upon expiry of the applicable retention period we will securely destroy your personal data in accordance with applicable laws and regulations.

5. If you do not want to receive information from us

We will always work to fully protect your rights and comply with our obligations under the GDPR and the and the European Directive 2002/58/EC also known as ‘the e-privacy Directive’, and you will always have the opportunity to opt-out of receiving our marketing. You can exercise this right at any time by contacting us. If we send you any marketing emails, we will always provide an unsubscribe option to allow you to opt out of any further marketing emails.
We will never share your name or contact details with third parties for marketing purposes unless we have your “opt-in” consent to share your details with a specific third party for them to send you marketing.
Withdrawal of consent to receive marketing communications will not affect the processing of personal data for the provision of our other services.
We provide you with the ability to access and edit your personal data in your account by signing into your account. You may request deletion of your user account completely by contacting us (see point 12). Data and other content that you may have provided to us and that is not contained within your user account, such as posts that may appear within our forums, may continue to remain on our Site at our discretion even though your user account is deleted, so long as the storage and display of your content serve a necessary and objective business purpose. Where any of your content contains personally identifiable information for the purposes of GDPR, we will redact your content to anonymise such personally identifiable information so that your content no longer contains anything which may allow you to be identified (for example removing your name, username, location information etc.), or if this is not possible in the circumstances we will delete Your Content completely. Please see our Terms of Service.

6. Your rights

Under the GDPR, you have the following rights with respect to our use of your personal data:

Right to be informed about our collection and use of your personal data. This Data Privacy Policy should tell you everything you need to know but you can always contact us for further information or to ask questions.

Right of access to the data we hold on you.

Right to be forgotten. You have the right to erase your personal data when the personal data is no longer necessary for the purposes for which it was collected, or when, among other things, your personal data has been unlawfully processed.

Right to data portability. You have the right to request that your data is transferred to another data controller to use.

Right to rectification if any of the data we hold on you is inaccurate or incomplete.

Right to object to us using your personal data for a particular purpose.

Right to complain. If you believe that your rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority, or to seek a remedy through the courts.

Right to restrict processing and withdraw consent. Where you have consented to our collection of your data you may at any time withdraw your consent. To do so please follow the steps in point 5 above.

7. Who we share your data with

We may share your personal data with certain trusted third parties in accordance with our contractual arrangements in place, including:

Our Service Providers;

Our professional advisers and auditors;

Our payment service provider;

IT service providers.

Third parties engaged in the course of the services we provide to you and with your prior consent;

Credit providers, any relevant regulatory, governmental, or law enforcement authority as required by law or as agreed with you;

Third parties involved in hosting or organising events or seminars.

Where necessary personal information may also be shared with regulatory authorities, courts, tribunals, government agencies and law enforcement agencies, to comply with legal or regulatory requirements. We will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.

8. Transfer of information abroad

We are incorporated as a private limited liability company under the laws of Denmark and subject to the laws and rules governing the Kingdom of Denmark and the European Union and the rules governing the members of the European Economic Area. However, we may operate through various local legal entities, which we add to or reorganise from time to time. When you provide information to any part of Tourboks you will in most cases be providing it to Tourboks as a whole, and should be aware that it may be accessed from countries whose laws provide various levels of protection for personal data, not always equivalent to the level of protection that may be provided in your own country over and above the applicable regulation applicable within the EU and the EEA. Where this is the case, we will implement appropriate measures to ensure that your personal information remains protected and secure in accordance with applicable data protection laws.

9. Security

The transmission of any information via the internet is never completely secure, and although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site, therefore any transmission is at your own risk.
As soon as we have received your information, we will take all reasonable steps to keep your personal data secure and to try to prevent any unauthorised access to it. All information you provide to us is stored on our secure servers.
All payments are made through a third party payment provider Adyen to ensure your personal and sensitive credit card information is securely stored. Our payment service provider is PCI compliant under PCI DSS certification.
Where you have a password to enable access certain parts of our Site, you are responsible for keeping that password confidential. We ask you not to share a password with anyone.

10. Cookies and analytics

A cookie is a piece of data stored on a user's hard drive containing information about the user. The information below explains the cookies we use on our website and why we use them. We use two types of cookies on our Site: Tourboks cookies and Google Analytics cookies.
Tourboks cookies are used for user experience enhancements like promotion coupon code popups and to keep you logged into your account. For more information please contact us (see point 12 below).
We use Google Analytics, a web analytics service provided by Google, Inc. ("Google"), to monitor traffic. We use Google Analytics cookies to collect information about how visitors use our website, including details of the site where the visitor has come from and the total number of times a visitor has been to our website. We use the information to improve our website and enhance the experience of its visitors.
The information that we collect in this process will not identify you as an individual. We do not seek to identify individual visitors unless they volunteer their contact details through one of the forms on the site. In some circumstances our records will identify organisations visiting our site and we may use that information in managing our relationship with those organisations, for example, in considering how to develop the services that we offer them. By using our website you agree that we can monitor your traffic on our website through Google Analytics. Google Analytics uses cookies, to help us analyse how users use our site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers within the area of the European Union and other parties to the European Economic Area Agreement. In certain cases outside our control the IP address may be first transferred to a Google server in the USA. Google will use the information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity for us and providing us with other services relating to website activity and internet usage. The IP address that your browser conveys within the scope of Google Analytics, will not be associated with any other data held by Google. You may refuse the use of these cookies via the settings in your browser of choice. You can also opt out of being tracked by Google Analytics in the future by downloading and installing Google Analytics Opt-out Browser Add-on for your current web browser: http://tools.google.com/dlpage/gaoptout?hl=en.

11. Links to other websites

Our Site contains links to other websites of interest and to of our principals, suppliers, advertisers and to our Service Providers, and selected other third parties for example Google Maps. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information, which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and review the privacy statement before submitting any personal information to these websites.

12. Contacts

If you have any questions about our privacy policy, want to exercise your right to see a copy of the information that we hold about you, or think that information we hold about you may need to be corrected, want to delete all or any part of it or to object to the processing on legitimate grounds, please contact us via email with enquiry topic "Data Privacy", or alternatively send a signed letter addressed to the Chryssa Oikonomidou and send to any of our offices. For all queries concerning or data privacy policy or any of your information, please contact us at info@tourboks.com.

We may change this policy from time to time by updating this page without notice. You should therefore check this page from time to time to ensure that you are happy with any changes. If you have previously agreed to us using your personal information for any purposes, you may change your mind at any time by writing to or emailing us.